The AWS CloudTrail security scan on Vectrix detects a variety of CloudTrail security issues in a connected AWS account that could be leaving you vulnerable or non-compliant. This includes Trail misconfigurations, suspicious activity across your account, various SOC 2 compliance violations, and other security issues.
Scan on demand to detect the CloudTrail security issues currently active in your account.
Monitor continuously to get alerted about new CloudTrail security issues in the future.
Don't know how AWS CloudTrail works? Read more below.
What this scan detects
Accounts with no active Trails
Having no active trails across your account could be problematic because suspicious or malicious activity across your account and the regions you operate in would not be recorded.
Trail creation and deletion
Creation and deletion of CloudTrail Trails could be problematic as it is a potential warning sign of unauthorized access and activity in your AWS account. Use Monitoring to receive this finding.
Regions without CloudTrail enabled
Regions without CloudTrail enabled could be problematic as bad actors will often utilize otherwise-unused AWS Regions to act maliciously in an undetected way. Having Trails enabled in all regions can reduce the likelihood of this activity going undetected.
Log S3 buckets with access logging disabled
Having CloudTrail log buckets with access logging disabled could be problematic as it allows for the possibility of users (or bad actors) modifying or deleting CloudTrail logs stored in S3 without a trace.
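The four checks above can be expressed as plain logic over AWS API responses. The following is an added example, not Vectrix's code: the finding labels and the evaluate() function are hypothetical, and the sample data is constructed in the shape of DescribeTrails, GetTrailStatus, GetBucketLogging and CloudTrail event records so that it runs offline.

```python
# Constructed sample data shaped like AWS API responses; not from a real account.
REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-2"]
TRAILS = [  # entries as returned in CloudTrail DescribeTrails "trailList"
    {"TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/main",
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": False,
     "S3BucketName": "example-trail-logs"},
    {"TrailARN": "arn:aws:cloudtrail:eu-west-1:111122223333:trail/eu",
     "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
     "S3BucketName": "example-trail-logs-eu"},
]
# GetTrailStatus "IsLogging" per trail: the second trail exists but is stopped.
IS_LOGGING = {TRAILS[0]["TrailARN"]: True, TRAILS[1]["TrailARN"]: False}
# S3 GetBucketLogging: the "LoggingEnabled" key is absent when logging is off.
BUCKET_LOGGING = {
    "example-trail-logs": {"LoggingEnabled": {
        "TargetBucket": "example-access-logs", "TargetPrefix": "ct/"}},
    "example-trail-logs-eu": {},
}
EVENTS = [  # CloudTrail event records (only the fields used here)
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "DeleteTrail",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}},
]

def evaluate(regions, trails, is_logging, bucket_logging, events):
    """Return (finding, subject) tuples; the finding names are hypothetical."""
    findings = []
    # A trail that exists but is not logging gives no coverage.
    active = [t for t in trails if is_logging.get(t["TrailARN"], False)]
    if not active:
        findings.append(("NO_ACTIVE_TRAILS", "account"))
    # A multi-region trail covers every region; otherwise only its home region.
    if any(t["IsMultiRegionTrail"] for t in active):
        covered = set(regions)
    else:
        covered = {t["HomeRegion"] for t in active}
    for region in sorted(set(regions) - covered):
        findings.append(("REGION_WITHOUT_CLOUDTRAIL", region))
    # Every bucket that receives trail logs should itself have access logging.
    for bucket in sorted({t["S3BucketName"] for t in trails}):
        if "LoggingEnabled" not in bucket_logging.get(bucket, {}):
            findings.append(("LOG_BUCKET_ACCESS_LOGGING_DISABLED", bucket))
    # Trail creation and deletion are surfaced together with the calling identity.
    for e in events:
        if (e["eventSource"] == "cloudtrail.amazonaws.com"
                and e["eventName"] in ("CreateTrail", "DeleteTrail")):
            findings.append(("TRAIL_" + e["eventName"], e["userIdentity"]["arn"]))
    return findings
```

With the sample data, the stopped eu-west-1 trail leaves that region flagged even though a trail is defined there, which is why the status check matters alongside the trail listing.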